Doria Tang

1 exploit Active since Jul 2025
CVE-2025-49087 WRITEUP MEDIUM WRITEUP
Mbed TLS 3.6.1-3.6.3 - Covert Timing Channel via PKCS#7 Padding Removal
In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used.
CVSS 4.0